Today our OpEd, DMARC Will Not Make Email Secure, was published in Infosecurity Magazine. We hope you find it interesting.
ICONIX, Inc., the industry leader in visual email solutions, announced on September 15, 2015, that the United States Patent and Trademark Office has issued Iconix’s seventh patent titled “User interface for email inbox to call attention differently to different classes of email.” The abstract for U.S. Patent 9,137,048, dated September 15, 2015, states: “Sender emails have their Truemarks (icons) displayed in the sender column of a list view” and “fraudulent emails have a fraud icon displayed with a warning in the sender column.”
Learn more at our new blog.
Posted by iconixtruemark
On December 2, 2014, the United States Patent and Trademark Office issued Iconix its sixth patent titled “RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION.” The abstract for U.S. Patent 8,903,742, dated December 2, 2014, states: “Techniques are presented for uniquely identifying authentication associated with messages.” Iconix filed the patent on October 10, 2011.
Learn more at our new blog.
We recently revised our website. Our blog is now integrated into our website. You can find our blog at:
We appreciate your loyal readership and hope that you will continue to read our blog at its new location.
Yesterday, dmarc.org released the new DMARC standard for email. Contributors to the DMARC standard include Agari, American Greetings, AOL, Bank of America, Cloudmark, Comcast, Facebook, Fidelity Investments, Google, LinkedIn, Microsoft, PayPal, Return Path, TDP, and Yahoo!.
DMARC stands for “Domain-based Message Authentication, Reporting & Conformance.” DMARC provides important extensions to the existing email authentication standards by providing automated and standardized methods to process messages that fail email authentication. DMARC explains the significance of this enhancement:
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
Let’s look at an example. If a phisher spoofs “paypal.com”, the real email domain of PayPal, the bad guy cannot send email from PayPal’s email servers. Because the bad guy can’t use the real email servers, the fake paypal.com email will fail authentication. Before DMARC, webmail services such as Hotmail, Yahoo! Mail, AOL Mail and Gmail lacked a systematic way for senders to tell them what to do with emails that failed authentication. This is where DMARC comes into play. If PayPal is using DMARC, webmail providers will know that PayPal wants them to reject the fake “paypal.com” email.
Let’s look at another example. What does DMARC do if a phisher uses a deceptive email address instead of “paypal.com”? Consider the example of paypa1.com, where the last letter is really the number one instead of the letter el. Because the deceptive domain is not paypal.com, the deceptive domain is not governed by the authentication records of paypal.com or the DMARC instructions for paypal.com. The authentication records and DMARC instructions for paypal.com govern only paypal.com and not the other hundreds of millions of domains that exist and will be created. DMARC will have no impact on paypa1.com emails.
While DMARC can deny bad guys the use of the actual domains of trusted senders, DMARC cannot stop bad guys from using domains that are not the actual domains of trusted senders. DMARC will not stop pay-pal.com, fasebook.com, or the myriad of other deceptive domains that bad guys will dream up. DMARC is useful because it:
- allows senders to specify handling policies about messages that fail authentication, and
- provides feedback that can help senders improve their authentication accuracy,
but it only addresses one of many doors that phishers use to get into the inbox.
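The two examples above can be walked through with a small receiver-side model, added here for illustration (it is not Iconix's or dmarc.org's code). The DMARC records, the `bulk-sender.example` domain and all function names are constructed assumptions, and alignment is simplified to a suffix match.

```python
# Added example: DMARC is looked up per From: domain, so lookalikes fall outside it.
# All records below are constructed for illustration; they are not real DNS data.
DMARC_TXT = {
    "_dmarc.paypal.com": "v=DMARC1; p=reject",  # constructed policy for the real domain
    "_dmarc.paypa1.com": "v=DMARC1; p=none",    # constructed: lookalike owner's own record
}

def parse_dmarc(txt):
    """Split a TXT record into tag/value pairs; None if it is not a DMARC record."""
    tags = dict(p.strip().split("=", 1) for p in txt.split(";") if "=" in p)
    return tags if tags.get("v") == "DMARC1" else None

def aligned(auth_domain, from_domain):
    """Simplified relaxed alignment: identical, or one is a subdomain of the other.
    (Real receivers compare organizational domains using the Public Suffix List.)"""
    return (auth_domain == from_domain
            or auth_domain.endswith("." + from_domain)
            or from_domain.endswith("." + auth_domain))

def dmarc_result(from_domain, spf_domain=None, dkim_domain=None, records=DMARC_TXT):
    """Evaluate one message against the policy of its From: domain.
    spf_domain / dkim_domain: the domain that PASSED that check, or None if it failed.
    Returns 'pass', 'no-policy', or the published policy (none/quarantine/reject)."""
    policy = parse_dmarc(records.get("_dmarc." + from_domain, ""))
    if policy is None:
        return "no-policy"  # nothing published for this domain: DMARC has no say
    if any(d and aligned(d, from_domain) for d in (spf_domain, dkim_domain)):
        return "pass"
    return policy.get("p", "none")

def demo():
    return {
        # Genuine mail, authenticated as paypal.com.
        "genuine": dmarc_result("paypal.com", "paypal.com", "paypal.com"),
        # From: paypal.com, but only an unrelated domain authenticated: not aligned.
        "exact_spoof": dmarc_result("paypal.com", spf_domain="bulk-sender.example"),
        # From: paypa1.com, authenticated as paypa1.com: paypal.com's policy is never read.
        "lookalike": dmarc_result("paypa1.com", "paypa1.com", "paypa1.com"),
        # A lookalike with no DMARC record at all.
        "unpublished_lookalike": dmarc_result("pay-pal.com", spf_domain="pay-pal.com"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```

Only the exact-domain spoof is rejected; both lookalike cases are decided without the receiver ever querying `_dmarc.paypal.com`.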
To deal with all the doors leading to your inbox, you need more. You need a service that can distinguish real from fake for leading consumer brands, regardless of the methods that phishers use. You need eMail ID from Iconix.
Know Who. No Doubt. Use eMail ID.
Maarten Oelering, an IT Consultant and Email Delivery Expert in Holland, noted in a tweet today that Marktplaats (NL) is now sending with DKIM and supporting the Iconix trust icon. Marktplaats is a Dutch affiliate of eBay.
You can check out our Marktplaats experience at http://www.iconix.com/locale/nl/marktplaats/
Today Iconix released a whitepaper entitled, “Getting More From Email Authentication.”
As the whitepaper describes, email authentication is a technical means of identifying the sender of email. When a sender uses email authentication, a public record is created that can be used by the recipient to verify the identity of the sender. However, email authentication is a self-issued credential. The owner of phishing.com can authenticate its email. Email authentication alone does not solve the problem of bad guys pretending to be good guys. Email authentication is used by email filtering systems as an important spam indicator. Unauthenticated email is suspect and is less likely to be delivered. Additionally, by combining the identity of the sending server (which is determined using email authentication) with email reputation data from vendors such as Return Path, spam filters can be fine-tuned to do a better job of delivering messages that users want.
Email authentication can help senders get their email into the inbox, but the delivered message looks like all the other messages – lost in a sea of text that makes it hard to find. Recipients want to find emails of interest that are lost in a sea of text. And when they find them, they want to know they’re real! That is where Iconix comes in.
Just as you distinguish your goods and services with your trademark, you can now distinguish email you send using the Truemark® service from Iconix. Using patented and patent pending extensions of email authentication, Iconix marks your email so that your recipients can instantly recognize your messages in the inbox.
To learn more, visit us at http://iconix.com/business/.